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Abstract 


We provide an axiomatisation for =,7,, a variant of probabilis- 
tic trace equivalence as formulated by Bernardo et al., 2014, in the 
setting of the alternating model of Hansson. The equivalence consid- 
ers traces individually instead of trace distributions. We show that 
our axiomatisation is sound and also complete for recursion-free se- 
quential processes. Due to the nature of the trace equivalence, the 
axiomatisation is particularly complex. 

Keywords: Probabilistic processes, Trace equivalence, Complete ax- 
iomatisation. 


1 Introduction 


Non-deterministic probabilistic labelled transition systems (which we call 
probabilistic systems for short) combine choice, as is modelled with non- 
deterministic finite state machines, and probabilities, as is modelled with 
Markov chains, in a single model. This is useful to model concurrent 
systems where interaction leads to probabilistic behaviour. The behaviour 
of such systems can be explained in terms of a set of observations, where 
an observation is a probabilistic trace, a sequence of actions allowed by 
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the system with a certain probability. To determine if two systems are 
equal, their sets of probabilistic traces must be equal. We are interested in 
the equivalence relation this notion yields. In particular, we are inspired 
by the equivalence relation ~pyp, formulated by Bernardo et al.[4], and 
more specifically, their alternative characterisation based on weighted traces 
(Definition 3.2 and Theorem 3.8, respectively, of that article). We apply 
this notion to the alternating model of probabilistic systems [13], and ask 
ourselves how it can be axiomatised. 

In systems where non-determinism and probabilities are combined, the 
semantics gain an extra dimension. Let us illustrate this by a thought 
experiment. 


Example 1.1. Imagine we have a game with two identical-looking coins. 
One coin is fair, the other always produces “heads”. The player chooses one 
of the coins and then tosses it. We can describe this game as a probabilistic 
system (Figure 1). 


“tails” 
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Figure 1: A coin game 


The system in Figure 1 begins with a non-deterministic choice, but we 
could also have modelled it as a probabilistic chance. If the coins are truly 
identical, do we not have an equal chance of picking one over the other? 
What if the fair coin is always to the left? What if we always pick the coin 
that already shows “heads”? The fact we choose to model the game using 
non-determinism means that we have abstracted away from any assumptions 
and consider all outcomes as coexistent. 

A probabilistic trace weighs the chance that a certain sequence of 
actions is allowed by a system. A trace accumulates the probabilities part 
of all paths that are the result of the same choices made, of a particular 
outcome. We assume that all transitions are independent events. So, by 
probability theory, the weight is the product of these probabilities. Due to 
the non-determinism, a trace can, in our setting, be associated with more 
than one weight. 
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Looking back at Example 1.1, some of the traces are [choose] with 
weight 1, [choose, toss, “tails”] with weight 1/2, and [choose, toss, “heads” | 
with weights 1 and 1/2. It is clear that, in our regard, this game is not trace 
equivalent to a game where both coins are fair. But a game where we choose 
(non-deterministically) between arbitrarily many fair coins would be trace 
equivalent to a game where we choose between just two fair coins. 

Process languages allow us to specify systems syntactically. We describe 
probabilistic processes in one of the simplest conceivable probabilistic process 
languages. The process that does not perform any action is denoted by 6, 
following the ACP tradition [2]. The prefix operator a.x describes the 
system that initially allows an a action, after which it continues as the 
system described by x. Alternative composition, denoted by a plus-sign, 
specifies that there is a choice between two sub-expressions. For example, the 
process b.x+c.y describes the system where either a 6 or c action may occur 
initially. Finally, probabilistic composition, denoted by circle-plus, specifies 
that there is a chance distributed among two or more sub-expressions. For 
instance, the process 5b.2@ 5C-Y describes a system where there is a fifty-fifty 
chance either a 6 or c action is allowed initially. 

Using operational semantics, we define how a probabilistic system is 
derived from a probabilistic process. This allows us to extend probabilistic 
trace equivalence to probabilistic processes. It is in general quite laborious 
to show that two processes are trace equivalent. It is sometimes far more 
convenient to have a set of axioms available that allow to transform one 
probabilistic process expression into another in a stepwise manner. Another 
important aspect of such axioms is that they provide an alternative view on 
an equivalence helping to understand whether the equivalence is sufficiently 
elegant and the right notion for the job at hand. 

We present an axiomatisation for probabilistic processes regarding 
probabilistic trace equivalence, which we prove is sound in general, and 
complete for recursion-free sequential processes. We do this by a normal 
form for probabilistic processes. Any process can be rewritten to this 
normal form. Furthermore, we show that two processes in normal form are 
syntactically equal iff they are probabilistic trace equivalent. 

The presented axioms are particularly complex. We give several counter- 
examples that show that simpler axioms are not sound, which shows that 
our proposed axioms are likely to be the natural axioms belonging to the 
trace equivalence as proposed in Bernardo et al. [4]. A natural question 
arising from this, which we will not answer in this paper, is whether the 
proposed trace equivalence is the right one. 
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1.1 Related Work 


Earlier, we gave an example of how we might model using probabilistic 
systems, however, there are many different approaches when it comes to 
specifying one. In generative systems [11], probabilities are distributed 
among all transitions originating from the same state, while in reactive 
systems [16], only among identically labelled transitions. Note that in both 
variants, the probabilities replace non-determinism rather than add to it. 
In the alternating model of Hansson [13, 14], transitions alternate between 
non-deterministic and probabilistic states. Non-deterministic states have 
transitions with action labels. Probabilities are distributed among transitions 
originating from probabilistic states. In Segala systems [22, 21], transitions 
are probability distributions ranging over actions paired with target states, 
and similarly in simple Segala systems, ranging over the same action paired 
with target states. Non-determinism is preserved by the fact that multiple 
transitions may originate from the same state. An example of both models 
can be seen in Figure 2. We note that some approaches are compatible 
to others. These systems can be translated to the compatible form under 
bisimulation [23]. Sokolova and de Vink have presented a hierarchy of 
compatible systems [25]. The alternating model of Hansson and simple 
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Figure 2: An alternating system (left) and a Segala system (right) 


Segala systems may appear similar, however, they are not compatible under 
weak bisimulation, as Bandini and Segala pointed out [1]. 

We focus on trace semantics. There are many different approaches 
when it comes to defining traces in a probabilistic setting. Many approaches 
introduce the notion of an adversary (or scheduler). This adversary resolves 
non-deterministic behaviour by either assigning probabilities to the different 
choices or by determinising them. The resolutions can be aggregated in 
terms of a distribution of traces. Two systems are trace equivalent if for each 
resolution in the one, a resolution in the other exists, where the trace distri- 
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butions are equal. Segala has defined this using simple Segala systems [20]. 
Parma and Segala gave a sound and complete axiomatisation [19] for the 
coarsest congruence contained in this notion, which rather is a simulation 
equivalence [17]. More recently, notions like supremal probabilities [5] and 
coherent resolutions [3] were proposed. 

Bernardo et al. noted that equivalences based on probabilistic trace 
distributions have undesirable properties [4]. It can differentiate models 
that allow the same sequence of actions, with the same probability. Also, 
it is not a congruence for the parallel composition. Instead, they opted 
for a coarser kind of trace semantics for simple Segala systems, where each 
trace is considered individually instead of entire trace distributions. To our 
knowledge, no axiomatisation exists for this equivalence as it stands. 

For notational ease, rather than simple Segala systems, we study the 
axiomatisation for the trace semantics proposed by Bernardo et al. in the 
alternating model of Hansson. We hope this makes the axioms, and their 
soundness and completeness proofs, less complicated. We also hope that 
our axiomatisation provides inspiration to find one in the setting of simple 
Segala systems. 


2 Probabilistic Processes 


We define a probabilistic process algebra which is an extension to CCS [18], 
inspired by the work of Bandini and Segala [1]. It includes deadlocks, 
sequencing and choice. The sequential composition is guarded by an action 
(or label), but it does not terminate into a process. Rather it ends in a 
discrete distribution of processes, each process preceded by a probability. 
In this section, we give the definition of the language and a few helpful 
notations used in the remainder of this article. 

We assume the existence of a finite set of atomic actions A, and we 
refer to probabilities as positive fractions up to including 1, that is numbers 
from the domain P = QN (0, 1]. 


Definition 2.1. We define a probabilistic process expression by the following 
syntax 


NS) | PA): | NE 
P(p) == pN | P(pr)® P(p— pr) 


where a € A is an action, p € P is a probability, and r € Q/N (0,1) isa 
ratio. Furthermore, we have the following operators: deadlock (6), sequential 
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composition (a.P(1)), alternative composition (Nj + N2), and probabilistic 
composition (p;N, ®--: ® pnN,). In the sequel, we also use N as the 
set of all expressions accepted by the syntax of N. Similarly, we also use 
P(p). We write P as the collective of all possible P-expressions, that is 


P = Usep P(p). 


For convenience, we would like to quantify over the alternative and 
probabilistic composition. Hence, we introduce respectively the sum and 
circle-sum operators. 


Definition 2.2. Let X € N* be [21,...,2n], a finite sequence of processes. 
Then we write 

So y=arte +a 

yEex 


or in case X is empty 


Soy =s. 


Definition 2.3. Let [p1,..., Qn] be a sequence of probabilities and let 
[%1,---,2n] be a sequence of processes, both finite and non-empty, where 
I =(1,...,n} is their index set. Then we write 


yp piv = P1X1 B+: D PnXn. 

ier 
Remark 2.4. Note the difference in indexing between }> and »>. The 
sequence-based approach, used for )>, aides some of the proofs in Section 6. 


From the syntax, it becomes clear that any P-expression consists of 
one or more px terms. Later we show that the @-operator is associative and 
commutative. In that case, any P-expression can be seen as a sequence of 
(p,x) pairs, which can be expressed using the circle-sum operator. 


Lemma 2.5. Any probabilistic process expression u € P can be expressed 
as a probabilistic sum, that is 
U= yy Pix 


4EL 
for some sequence of probabilities and some sequence of processes 2. 


When reasoning about probabilistic processes parts of a distribution 
may often end up in a deadlock. Therefore, we introduce a special notation 
that abbreviates this, called a junction. 
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Definition 2.6. Let u, € P(p) be a probabilistic process expression. Then 
we write 


core if p <1, and 
p— . 
Up ifp=1. 
For instance a.( Fx a) 36) is written as a 


Vy 


3 Alternating Probabilistic 
Labelled Transition Systems 


With each probabilistic process, we associate an alternating probabilistic 
labelled transition system (APLTS), which extends LTSs with probabilistic 
transitions. The term alternating refers to the fact that APLTSs strictly 
alternate between non-deterministic states and probabilistic states. Non- 
deterministic states may have no outgoing transitions, while probabilistic 
states have at least one outgoing transition. The initial state is a non- 
deterministic state. 


Definition 3.1. An alternating probabilistic labelled transition system 
(APLTS) is a 6-tuple (Sy, Sp, A, >, -->, 80) where 


e Syn is a set of non-deterministic states, 


e Sp is a set of probabilistic states, 


A is a set of action labels, 


+ C Sy x Ax Sp is a non-deterministic transition relation, 


e --+:(Spx P x Sy) +N isa probabilistic transition relation, which 
is a multiset 
— where P = QN (0, 1] is a set of probabilities, and 


— for all states s € Sp it holds that }) om p-n=1, thus forming 
a discrete distribution, 


e and so € Sy is the initial state. 


Remark 3.2. We use a shorthand notation and write s “> t instead of 
ay pn, 
(s,a,t) €—, and similarly use s -->+ t instead of (s, p,t,n) € -->. 
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NSP No SP 
Ni+No53P M4+N.4P_ a.P(1) 5 P(1) 


4 bs pn 
P,23N PLAN VneNyoP -/? N 


ee 


PiOP,° 3" N  pN2SN PLN 


Table 1: Operational semantics of probabilistic process expressions 


Definition 3.3. Let x € N bea probabilistic process containing actions from 
A. We define [|], the semantics of z, as an APLTS (Sy, Sp, A, >, --», 80) 
where 


e the set of states Sj contains all N-expressions, 
e the set of states Sp contains all P-expressions, 


e the > and -->+ transitions are formed inductively using the operational 
semantics as defined in Table 1, which are stratifiable and therefore 
consistent [12], 


e and the initial state so is x. 


Example 3.4. Assume that A = {a,b,c,d} and let x € N be a process 
defined as 


1 1 1 il 
(Se: =C. <d. wt =6u1 b.le.1 ; 
a. (Fe1do Fedo Fa.18) +a5c 6+ b.1c.16 + 6 


Using Definition 3.3 we find the corresponding APLTS as shown in Figure 3. 


4 Probabilistic Trace Equivalence 


In this section we introduce the notion of p-traces, the set of probabilistic 
traces for an APLTS, as well as a number of useful operations on and prop- 
erties of p-traces. We also define the notion of probabilistic trace equivalence 
for processes. 
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Figure 3: The APLTS [e. (5c.16 ® $c.16 ® id.16) | a. 5C.16 + b.1e.16 +6 
Note that, for brevity, the residual probabilities to the deadlock state are 


abbreviated as a downward arrow. 


Definition 4.1. A weighted trace or p-trace is a pair consisting of a sequence 
of actions from A* and a probability from P = (0,1] Q. The set of all 
p-trace sets is T = 24"*?, 


Definition 4.2. Let X,Y € T be p-trace sets, a € A be an action, p € P 
be a probability, and let ¢ be the empty sequence. We define the following 
operators on sets of p-traces 


aX = {(ao,p)|(p)EX}  p-X={(o,p-0)|(Q) EX} 
U {(e,p) | (ep) © Xf Xe = {(€,p) | (Ep) © X} 


XWY={optol(p)EXA(o,Q)E VY} Xe=X\Xe 
U{(o,p) | (0p) €X AVo (9,0) EY} 
U {(9,0) | (0,0) €Y AVp (op) € X} 


Let T € 7* be a sequence of p-trace sets. We define 4.-; 7; = 7, W---W Th. 
ier 


Example 4.3. As a demonstration of the operators just defined, we witness 
that 


pa. {(¢,1)}¥ (1 — p)- {(e,1)} 
=p {(E,1), (a )}¥d—p)- tle Dt 
= {(é,p) (a, p)}  {(e,1— p)} 
= {(e,1), (a, 0)} 
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and 


HeU(o-a {ED he 

={(6 D(a DUE) (ape 
= {(6, D} U {(a, p)} 

= {(¢, 1), (a, p)} 


Definition 4.4. Let (Sy, Sp,A,—,--+, 50) be an APLTS. We define the 
function pTr : (Sj USp) > T such that for all states s € Sy U Sp, pTr(s) 
is the minimal set such that 


e if s € Sy and s has no outgoing transitions, then (¢,1) € pTr(s), and 


e if s € Sy and s has at least one outgoing transition, then 
Ura, t)|sSt a.pTr(t) c pTr(s), and 


e ifs e Sp then Ww, Wit, p: pIr(t) C pTr(s). 


This function ites the basis of our equivalence. Two processes are 
said to be p-trace equivalent iff their derived APLTSs are characterised by 
the same set of p-traces. 


Definition 4.5. Let s,t € Sy U Sp be two states. We call s and t p-trace 
equivalent iff pTr(s) = pTr(t), which we denote as s =p7, t. We call two 
APLTSs p-trace equivalent iff their initial states are so. 


n)|s-- St 


Lemma 4.6. p-trace equivalence is an equivalence relation. 


We extend the equivalence to probabilistic processes, and write [a] =p7; 
[y] as x =prr y. Likewise, we refer to pTr|z] simply as the set of p-traces 
of a process 2. 


Example 4.7. Let x € N be the process 


1 | 1 | 3 1 | 1 | 5 


In Figure 4 we see the corresponding APLTS [a]. The set of p-traces 


(e; 1); (a, 1); (a, ; a 5) ; 
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Figure 4: The APLTS [a[} (bj 4c.15+b{3c.1d) @ 3(b{hc.16+b{2c.10)]| 


v 


When we explore p-trace sets derived from probabilistic processes (NV), 
four properties come to our attention: the trace (<, 1) is always present, a 
trace with an action sequence of length one always has the probability 1, the 
complete set of prefixes (of its action sequence) are present for each trace, 
and each trace that is a prefix to another trace has a probability greater than 
or equal to this trace. We can extend some of these properties to p-trace 
sets generated from process expressions in general (N and P). 


Lemma 4.8. All p-trace sets derived from probabilistic process expressions 
are €-preserving: let  € N and u, € P(p) be process expressions. Then 


pTr[x], = {(€,1)} and pTr[up]. = {(€, p)}- 


We notice a relation between the p-parameter in a process expression 
and the probability of the empty trace derived from this expression. We 
are interested in understanding whether we can find more relations between 
expressions and their derived p-trace sets. Table 2 shows a number of such 
properties. 


Lemma 4.9. The =)7; relation is a congruence for the complete syntax of 
process expressions. 


Proof: This follows from the properties in Table 2. 


Remark 4.10. Our process algebra does not include a generic renaming 
operator, i.e., an operator that replaces all occurrences of an action to 
another in its sub-expression. However, we note that this operator would 
not be congruent in our setting. For example, it is clear that the p-trace 
equivalent processes shown in Figure 5 are no longer equivalent if the 6 
action is renamed to c. Yet, a congruence can be achieved if renaming-to is 
restricted to actions not already occurring in the process. 


80 Ferry Timmers and Jan Friso Groote 


Pl pTr|o] = {(e,1)} 
P2 pTria.u] = a.pTr{ul 
P3 pTr|«+y] = pTr|z] U pTr[y] 
P4 pTr| sul = pTr[ul]; U {(e, 1)} 
P5 pTr|pz] = p- pTrlz] 
P6 pTrlu@v) = pTrlu] ¥ pTr[v] 
Pr pTr S- el = U pTr|z] if X is not empty 
cEX vex 
P8 pir yy pPixi|| = LJ pi pTr[xi) 
wel ieL 


Table 2: Relation between process and p-traces operators. 


Figure 5: The APLTSs a. ($0.16 ® 5c.16) | and [a.}30.10 + a.\ je-18| 


Remark 4.11. The model we use has a particular property. While in simple 
Segala systems it would not be possible due to the nature of distributions, 
our operational semantics allow for multiple transitions from the same prob- 
abilistic state to the same nondeterministic state as long as the considered 
transitions are labelled with different probabilities, otherwise the first rule in 
the second row of Table 1 would come into play by merging those transitions 
while summing up their multiplicities. However, Definition 3.1 admits mod- 
els in which a probabilistic state features identically labelled probabilistic 
transitions reaching the same nondeterministic state, as illustrated by the 
APLTS at the top of Figure 6. We have to decide what this means in terms 
of our probabilistic traces. In case we do not regard probabilistic transitions, 
both systems in Figure 6 would be equivalent. If we allow each probabilistic 
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Figure 6: Two alternating probabilistic systems. 


branch to be chosen deterministically, not depending on a prior choice, it 
is possible to do the upper b with probability 1/2 and the lower b with the 
same probability in one trace. This would include the trace abc with a weight 
of 3/4 in the top system, but not in the bottom system. We have chosen 
the least conservative (and most discriminative) approach, and chosen the 
adversary to be deterministic and memoryless. The aforementioned distinc- 
tion would not arise if, after the considered probabilistic transitions, there 
would be no internal nondeterministic choice like the one between the two 
b-transitions. 


5 Axioms 


In the previous section, we defined an equivalence relation for probabilistic 
processes based on probabilistic traces. We would like to find a set of axioms, 
that allows us to manipulate processes in such a way that we find different, 
but p-trace equivalent, processes. Even more, we would like to be able to 
find all processes that are p-trace equivalent to a given process, using this 
set of axioms. In other words, we want this set to be sound and complete. 
We claim we have found such a set. Table 3 shows this axiomatisation. In 
this section, we give a rationale behind the axioms and in the following 
subsections, we include a proof for completeness. 


5.1 Basic Axioms 


For the first few axioms we can draw inspiration from existing axiomatisations 
of CCS [15], and we can readily adopt the following axioms: alternative 
composition is associative (A1), commutative (A2), idempotent (A3), and 
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PAI uOBv = veu 
fe a Oa PA2 (u@v)O@w = uS(vevw) 
‘ah alee on PA3 pd 0d = (p+ea)d 
PT1 a.tp (x+y) = ov. px + a. py 
PT2 a.! (pr B.lon + a.1pB.16 = a.! (pr) B.16 + a1 pB.1 (or) x 


PD1 a. D> pi (tity) = aD pis +o. WD piyi 
tel iel iel 
if x; and y; are disjoint!, for each i, 7 


PD2 a! BD pi yy But ye, Bu| = a! BD pi ae But ot D> pi > fom) 


wel ucU, vEV; w€I ueU; t€I VEN; 
if U; and V; are disjoint’, and not empty, for each i, j 


w.1 pi D> a ou8-u + 


> o.} Ou. + iel  ueU; 
i) ! 
PDS wil wey | SEF = w.} iri do fewB1S + 
‘el y Q.1OvB.v i€el weU;UV; 
i] i] 
vEV; w.1 D> pi y Q.108.v 
i€I vEV; 


if U; and V; are disjoint’, and not empty, for each i, j 


Pp Q 
PUL pa.u® eau = (p 0). ( -ug -») 
p+eo pt+e 
PU2 p>, au®e >) av — (+0) Da( ve 2») 
uceU vEeV ucU vEeV pP+e@ p+e 


if U and V are disjoint’, and not empty 


PUS pS alubueeS alerBw = (e+e) S Tai ( pve a0) 
uceU vEeV weU vEV p+e 
if U and V are disjoint’, and not empty 


+ 
X1*  p S> a.}p8.15@ 9 J. 0.198.186 = (0+ 0) 2 DS aj 8.1 
pEN qeEP qEP pEN P Q 
if N and P are not empty 


X2* pa.io8.u = (pg) a.18.u® (p(1— @)) a.16 


Remark. We use a shorthand notation p- )),<; pivi instead of B),_7 (P- pi) zi- 
Remark (t). Following the notion of (sets of) disjoint processes given in Definition 5.4. 


Remark (*). This is an auxiliary axiom and can be disregarded for the sake of completeness. 


Table 3: Axioms of probabilistic trace equivalence 
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has 6 as the identity element (A4). For probabilistic composition we can 
intuitively find it is commutative (PA1) and associative (PA2). Unlike 
alternative composition, it is not idempotent nor is there an identity element, 
however, we can unify 6 terms (PA3). This can be explained by using 
Remark 4.11 and the fact that something more can be unified in the absence 
of internal nondeterminism thanks to axioms PU. 


5.2 Axioms for p-trace Equivalence 


We can also find axioms that hold specifically for p-trace equivalence. For 
CCS trace equivalence we have the classic law a.(x+y) =a.x+a.y [10]. We 
can generalise this property for a junction in general obtaining PT1. 

If a process only has junctions, rather than more complex probabilistic 
compositions, we notice an interesting fact. The probabilistic part of the 
generated traces is always a multiplication of probabilities in the process. 
We wonder if we can redistribute this product along the probabilities of a 
process, and find a p-trace equivalent process. Specifically, we wonder if 
| | | | ° 5 A 
U(pr)a.10% =pTr |pa.! (re) x. For completed trace equivalence this is the 
case [24], but we can find a simple counter-example for p-trace equivalence. 


Example 5.1. Let z€N be the process at (1 : 5) b.ixe.16, and yEN the 


process a.t1b.1 (5 : 5) c.16. Then we have that 


e pTr[z] is {(e, 1), (@s1) (ab, 5) ; (abc, ay} and 
e pTr[y] is {(€,1), (a1), (ab, 1), (abe, 9) }- 
It is clear these processes are not p-trace equivalent. 


The problem is that the shorter traces are not respected by this trans- 
formation. The transformation is only valid when both instances of the 
shorter trace are already present in the process. We can instead move a 
junction to another part of the process where some of the probabilities need 
to be adapted. Let us give an example. 


Example 5.2. Let « € N be the process ant (1- 


1 

2 
and y € N be the process ant Ch . $) b.16 + a.11b.1 ( 
respectively in Figure 7, then we have that 


c.16 + a.11b.16, 


11 
5) c.16, as shown 


e pTr|x] and pTr[y] are equal to {(e, I cte. Ths (ab, 5) , (ab, 1), (abc, z)}- 
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Figure 7: The two transition systems in Example 5.2 


Hence, the processes are p-trace equivalent. 


Inspired by the example we can formulate axiom PT2. This gives us a 
complete axiomatisation for processes where every probabilistic composition 
is a junction. We call such process a street, and we will see that any 
probabilistic process can be converted into a street under p-trace equivalence 
using some additional axioms. 


5.3 Axioms for Distribution 


We showed that, for p-trace equivalence, alternative composition distributes 
over junctions (PT1). We wonder if the same holds for more complex 
probabilistic compositions. In general, we ask ourselves whether 


a. »y pi(tit+ Yi) =pT a. »y pity +. »y PiYi 


wel wel wel 


for sequences of processes x,y € N* and probabilities p € P*. We can show 
by a counter-example that this is not the case. 


Example 5.3. Let x € N be the process 


1 | 1 | 3 1 | 1 | 5 
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and y € N be the process 


Wen jell. 1,1 1, (3 1,5 
.{ —b.1-c.1 cl +a. cl —b.1—c.16 J , 
a (5 uae OD shire 5) a (5.43¢ 0 @ pb.) cc 5) 


as shown respectively in Figures 4 and 8. 


Sa ae 


\ 


Figure 8: The process a. (56.50.16 ®B 5.3.16) +a. (5b.2c.16 ®B 50.20.16) 


We have that 
e pTr{a] is {(e, 1), (a, 1) (ab, 1), (abe, x) ; (abe, 2) ‘ (abc, 3) . (abe, +), 
e pTr{y] is {(e, 1) (ae dna abs Ls (abe, z) ' (abe, 4)}. 


From this we can conclude that pTr[z] D> pTr|y], thus the processes are 
not p-trace equivalent. 


The processes in Example 5.3 are not equivalent because their traces 
(a1 U y1) © (x2 U yz) are not equal to (41 8 x2) U (y1 W y2). This would only 
have been the case if the traces of 7; and y; did not share the same action 
sequences. We call two sets of traces that do not have a single action sequence 
in common disjoint. We extend our notion of disjointness to processes. 


Definition 5.4. We call two processes or process expressions disjoint when 
their leading (the first following) actions form two disjoint sets. We call two 
sets of processes disjoint when their processes are pairwise disjoint. 


We find that for disjoint sets of processes, alternative composition 
distributes over probabilistic composition (PD1). 

The notion of disjoint processes we have given is simpler, and therefore 
more restrictive than the notion of disjoint p-trace sets. We can, however, find 
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disjoint behaviour deeper in the process. The processes a. | 5b. 16 +a. 90. 16 


and a. L5e 16 show disjoint behaviour, even though they both have leading 
ae ioe ia The processes become distinct at a deeper level. We generalise 
this: the process 1.1 p1 : Onl Ona shows disjoint behaviour to process 
1-101 .- “On-1Ony when x and y are disjoint, where a € AT is a sequence of 
actions, p,@ € P* are sequences of probabilities, and x,y € N are processes. 
We are interested if distribution like PD1 also holds for processes with disjoint 
behaviour. This is the case but there is a catch. We must respect the part 
that is not disjoint. Therefore the distribution results in three terms: the 
two disjoint terms, and a term that remains undistributed, which includes 
the processes until the part they become disjoint. 


Example 5.5. Let 21,72 € N be the processes b. [ge 1d.16 and b.1 ec. 1d.16, 


and let y1, y2 € N be the processes b. ige. 1e.16 and b. Lge. le.16. Note that x 
and y show disjoint behaviour. Then - we have that 


e pir [a. [5 ( x1 + yi) BS (x24 + 4p I] is {( é, 1) a, 1), (ab, 1), (abe, t), 
(abe, 2), (abe, 3) (abe, 4), (abcd, x); ee ny which is also 


e oTr [a. (521 a) 522) +a. (5m an) 542) at (4 Lo 6+ 
b.|3c.1d) © § (b.)de.15 + b.}3e.16) |]. 


We can find axioms for disjoint behaviour at any finite depth, but for 
completeness, we only need to consider the quantified versions of level 1 
(PD2) and level 2 (PD3). 


5.4 Axioms for Unification 


We have already seen that 6 terms in a probabilistic composition can be 
unified (PA3). We wonder if we can also unify more complex terms. We 
consider px ® ox = (p+ e)x and px © oy = (p+ 0) («+ y), and present 
counter-examples. 


Example 5.6. Let x € N be the process b.! fs 5C. 16 + b.1¢.16, and p,o € P 
be probabilities both 5: We see that 


e pir [a-(g2 ® 5x) | is {(é, 1),(a,1), (ab, 1), (abc, 5) ; (abc, 3) , (abe, 1)}, 


and 
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e pTrla.(5 +4) a] is {(e, 1), (a, 1), (ab, 1), (abe, $) , (abe, 1)}, as shown 
in Figure 6. 


Note that the trace (abc, 3) is not present in both p-trace sets, these processes 
are not p-trace equivalent. 


Example 5.7. Let x € N be the Brees 6.16, y € N be the process c.16, 
and p,o € P be the probabilities 4 = and 3. Note that x and y are disjoint. 
Then we have that 


e pTr|a.(zx ra 2y)]] is {(e, 1), (a,1), (ab, 5) ; (ac, 3), and 
e pTrla.(§ + 3) (c@+y)] is {(e,1), (a1), (ad, 1), (ac, 1)}. 
It is clear that these processes are not p-trace equivalent. 


From the last example it becomes apparent that we can not unify 
terms that are disjoint. The same set of leading actions need to be present. 
Example 5.6 shows that, even when this is the case, alternative composition 
inside terms causes problems. However, for the simple case where both terms 
have just a sequential composition, with the same action, the terms can be 
unified (PU1). The result is a new probabilistic composition, which is the 
combination of both terms, each multiplied by a correction factor, so their 
probabilities add up to 1. 

In the previous section we talked about disjoint behaviour. We are 
interested if we can apply this also to terms in a probabilistic composition. 
This appears to be the case, although it manifests itself in a different way. 
When unifying two groups of processes with disjoint behaviour the result 
is a Cartesian product of the groups. This is analogous to the way the 
W-operator sums probabilities with equal action sequences. 


c.ld.16 and 
c.le.16 and 


{Be.le.16. Note that u and v show disjoint behaviour. Then we have that 


Example 5.8. Let u1,u2 € P(1) be the process expressions 


13c.1d.16, and let v,,v2g € P(1) be the process expressions 


e pTr a. [5 (b.uy + b.u2) ® 5 (b.v1 + b.v2)]] is 


{ (e, 1) ,(a,1), (ab, 1), (abe, 3) (abe, 2), (abc, 3) | (abc, 4), } 

(abcd, Ly (abcd, *), (abce, x). (ates, =) : 

which is also 

pT (.[-m ebm] +b [bm ed 
b. [5° U2 @ 5° 
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The processes are p-trace equivalent. 


Like distribution, we can find unification axioms for disjoint behaviour 
at any finite depth, but for completeness, we only require the versions of 
level 1 (PU2) and level 2 (PU3). 


5.5 Auxiliary Axioms 


We also present a couple of auxiliary axioms that are not required for 
completeness. They can be derived from the other axioms. 

First, we present a special case of Axiom PU3. Suppose that both 
process expression groups U and V contain only 6. We can simply sum up 
their probabilities (X1). We present this axiom for convenience as it will be 
used as a base case in the completeness proof. 

We also present an axiom that, although it can be directly derived from 
Axiom PU1, is not intuitively clear. We can split off the 6-part of a junction 
and distribute it over a preceding probabilistic composition (X2). This is a 
noteworthy trait, but we will not further employ it. 


6 Soundness and Completeness 


In the previous section, we presented axioms summarised in Table 3. All 
axioms are sound, of which the extensive proofs can be found in [26]. Here 
we concentrate to prove that the axioms form a complete axiomatisation. We 
begin by defining a subset of probabilistic processes, where each probabilistic 
composition can be written as a junction. We call these processes streets. We 
show that any process can be rewritten as a street under p-trace equivalence. 

We also define a subset of streets, processes with only deadlocks, se- 
quential compositions, and junctions. We call these processes lanes. We 
show that any street can be rewritten as a sum of lanes under p-trace equiv- 
alence. We also show a number of interesting properties that relate lanes to 
p-traces. Finally, these properties are used to define a normal form, from 
which completeness if proved. 


6.1 Streets 


Definition 6.1. We define the set of process expressions Street C (N U P) 
as the minimal set, where z,y € N, u€ P(1), p€ P, anda € A, satisfying 
that 
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6 and 16 are streets, 


e if x and y are streets, then so is x + y, 


if u is a street, then so is a.u, and 


if x is a street other than 6, then so is {pa 


We defined streets informally as a process where each probabilistic 
composition is a junction. With this statement in mind, we can then deduce 
from the syntax that every street can be written as a sum of action prefixed 
junctions. Using Axioms Al-4 we can generalise this to a summation over a 
set. We formalise this. 


Lemma 6.2. Let x € (N/M Street) be a street process. There is a sequence 
S€(AxP x Street)" such that x = S- a. | py. 
(a,p,y)ES 


We also consider partial streets, which are processes where all but 
their first probabilistic composition is a junction. In particular, we look 
at processes of shape w. »),<; pixi, Where w € A is an action, p; € P are 
probabilities, and x; € (NM Street) are street processes. 


We can generalise Axiom PA3 for such processes (Lemma 6.4). 


Remark 6.3. For simplicity, we will also use the notation of t Pie , ui for I 
is empty as an abbreviation for 16. 


Lemma 6.4. Let w.>),-, pix; be a partial street. This street is equivalent 


| 
to a process of form w.! Pic re,¢6 PiXi- 


Proof: In case there are no processes x; that are 6, it is intrinsically true. 
In case all processes x; are 6 we have that w. b),<7 piti = W. Pic pid = w.1d 
(PA3) for which we will write wt ier|njes PiTi- 
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Otherwise, we have that 


Ww. p> pit =W. »y pix; B yy PiXi split domain 


=W. y pix; @ yy pio 
ie 1a; 45 i€l|ai=6 

= Ww. »y pit; @ S> pil o PA3 
ie aid i€l|ay=6 

=w.! »y Pix; definition of | 


Remark 6.5. In the following lemmas, we make extensive use of Lemma 6.2 
to unfold street processes. In every case, we denote the resulting sequence 
by an upper-case variant of the variable. For the sake of brevity, we do not 
mention this explicitly. 


More interestingly, we can split a partial street into a sum, where each 
street starts with the same action. 


Lemma 6.6. Let w.}),-; piv; be a partial street. It is equivalent to a 
dw Pipi Dd) a.loy, 
acA i€l (oy)EXx? 

where XxX; = {(0, y) | (a, 0,Y) € XG 

Proof: We show that 


W. by pit = WwW. pi S° a. oy Lemma 6.2, Remark 6.5 
tel tel (a,0,y)EX; 


= w. b> pi y 2 a. oy Al, A2, A4 


wel ac&A(o,y)exe 


ae ain 
acA tel (oy)EXx? 
PD1 (definition of disjoint processes) 


process of form 


We can repeat this process one level deeper. We split a partial street into a 
sum, where each street starts with the same two actions in a row. 
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Lemma 6.7. Let w. });<; pivi be a partial street. Then, it is equivalent to 
a process of form 


wt Bw wm dD) wie DD B.lpz, 


where X% = {(0,y) | (a, 0,y) € X;} and similarly is Y°. 


We generalised Axiom PA3 for partial streets in Lemma 6.4. This allows 
us to unify terms with empty streets. We continue this one level deeper, and 
unify terms with streets of length 1 that all start with a particular action, let 
us say a. Assume there is at least one street atx in a partial street, where 
x € N isa process other then 6. We can unify all terms a.16 with longer 
counterparts. That means that the process at [4 (b.1c.16 + 6.16) @ $b.16| 


can be rewritten to a. 130.1 Lac. 16. 


Lemma 6.8. Let }) <7 pi Des a.1oy be a partial street, where a € A 
is an action, and for some i there is at least one y that is not 6. This street 


can be rewritten to a partial street }>,-; By eX! a. 10Y, for which it 


DD) 
holds that all values of X/ and y are neither empty nor 6. 


We can continue this one level deeper and unify streets of length 2. 
Instead, we show that we can split up a process into two parts. Let’s assume 
we have a partial street where each term is a street of at least length 2, 
having the same two consecutive actions, call them a and (@. We can then 
group all streets of exactly length 2 into one half, and group the streets that 
are longer into another. Furthermore, for the latter group, we can unify 
their probabilities in each term so that they are all of the form a. 1 pp 1On, 
where ( is a particular probability. 

First, we show that we can separate a particular length-2 street from 
a sum. 


Lemma 6.9. Let }) <7 pi Smee a.10 ee er B.1pz be a partial street, 
where a, 8 € A are actions, and all X; and Y are non-empty. Then, it is 


equivalent to a process of form 


wl Spi LS a.108.16 + 


tel (o,y)EXs 


wtb DY alas! 


ie (0,y)EXs (p,z)EY 


where 6; is a particular probability depending on 7. 
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We now have the building blocks to show that we can rewrite any 
process to a street under p-trace equivalence. 


Lemma 6.10. Let s =w. rier pix; be a partial street. There exists a street 
s’ € (NO Street) equivalent to s. 


Proof: We have that w. by pins = Ss" we! yy pi Ss" ato Ss" B.\pz 
ie a€A,BEA iEl|XPAl] (0y)EX®  (p,z)EY? 

by Lemma 6.7. We prove for each of the terms of the leading sum separately 

that it can be rewritten to a street. Let a, 8 € A be the actions of a par- 


ticular term. In case that all instance of X* are empty we have the term 


wet Priel| eeu w.1d, which already is a street. In case all instances of 


Y® are empty we have that 


we! yy pi S> ato B.\pz = w.! yy) pi Ss" a.1é 


iel|XP Al]  (eylexP (p,z)eY? tel|XPAl]  (oyleXP 
=w.! yy pia.ld A3 
el |XP Al] 
=w.! > pi | ald 
iel|XPAL] 
gen. PU1, 


results in a street process. 


Otherwise, at least one instance of Y? is non-empty. We can rewrite 


this term to 
w{ pips DL ale dD) B.bp2 


jet (o,yEX10 (p,z)eY? 


for some p’ and X’%, such that all instances of X’~ and Y® are non-empty 
(Lemma 6.8). This allows us to rewrite the term to 


( wet jes Pj D(oyexte a.108.16 + 
| lA | G 
Wd Plies Pj Lu(oyexie Lulpzyev# © LOjB. Fz 


We prove this for both terms separately. 
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Let p’ be the sum of probabilities (= 4163 pi). The first term 


wet yy? 0; ys a.108.16 


JET (gyeX' 


6 ie J 0/03) 
= w.ip" Ss" a. BS generalized X1 
(01,-)EX1%,-..,(On,-)E XO 
results in a street process. 


The other term 


a a a ar: 


JET (0,y) EX! (p,z)eY? 


ae, oe 7a PID Oe ve 4] 


* 0; 
ied (o,y)EX/? (p,z)eve 
pO; 
=W. ip" Q. | > > B.t ee generalized PU1 
jeJ p (o,y)EXi (p,z)EYF +O 


0; 0; 
= w.ip't where ¢ := aly ca S> S> pe note that t € N 
jeJ (o,y)EX;° (p,z)EY? : 


a A . . . 
=W.1p t induction on t, where t’ is a street process 


results also in a street process. 


Since a sum of streets is also a street itself we have now shown we can 
rewrite s to a street process. Hence, the lemma is valid. 


Theorem 6.11. For every probabilistic process there is an equivalent street 
process, derivable using the axioms of Table 3. 


Proof: Let x € N be a probabilistic process. We prove by induction on 
the structure that we can rewrite x to a street process. 


e Suppose that xz = 6. In this case it already is a street. 


e Suppose that x = y+ z, where y,z € N are processes. Then, by 
induction, we can rewrite y and z to street processes y/ and z’. By 
substitution, we find y’ + 2’, which is a street. 
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e Suppose that « = w.u, where w € A is an action and u € P(1) isa 
process expression. We have a sequence [(/1, 41) ,---; (Pn; Yn)] such 
that u = >),<; piys (Corollary 2.5). By induction, we can rewrite each 
process y; to a street yj. By substitution, we find w. });-; piy; which 
we can rewrite to a street (Lemma 6.10). 


In conclusion, we have shown that all processes x € N we can rewrite to a 
street process, under p-trace equivalence. 


6.2 Lanes 


In the previous section, we introduced streets and showed we can rewrite any 
process to a street under p-trace equivalence. In this section we introduce a 
more restricted group of processes called lanes. In lanes we eliminate every 
form of branching, except junctions. Lanes are completely linear processes. 
We show that any street, and by extension any probabilistic process, can be 
rewritten to a sum of lanes, which is an alternative composition where each 
term is a lane, under p-trace equivalence. 


Definition 6.12. We define the set of process expressions Lane C (NU P) 
as the minimal set, where x € N, u € P(1), 9p € P, anda € A, satisfying 
that 


e 6 and 16 are lanes, 
e if wis a lane, then so is a.u, and 
e if x is a lane other than 6, then so is {pr 


Theorem 6.13. For every street process there is an equivalent sum of lanes, 
derivable using the axioms of Table 3. 


Proof: Let « € (NN Street) be a street process. We prove by induction 
on the structure that we can rewrite x to a sum of lanes. 


e Suppose that x = 6. It already is a sum of lanes, namely, the empty 
sum. 


e We have never that x = 10d, since 16 ¢ N. 


e Suppose that x = y + z, where y, z € N are processes. Note that by 
definition y and z are also streets. By induction, we can rewrite them 
to a sum of lanes y’ and z’. By substitution, we find y’ + 2’, which is 
also a sum of lanes, by domain union. 
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e Suppose that « = a.u, where a € A is an action and u € P(1) isa 
process expression. There are two cases. 


— Suppose that u = 16, then x is already a sum of lanes, namely, 
the sum with only the term a.16, which is a lane. 


— Suppose that u = Ly, where p € P is a probability and y € N 
is a process. Note that by definition y is also a street. By 
induction, we can rewrite it to a sum of lanes y’. By substitution 
we find a. py. If y/ is empty we have that a.1p6 = a.16 (PA3) 
which we already saw is a sum of lanes. Otherwise, we have that 
a.tpy’ = a.1p Dey 2 with a suitable Y’, where all instances of 
z are lanes. Since we assumed Y’ is not empty, we can rewrite 
this to yey Q. | pz (PT1), which is a sum of lanes. 


Together, this proves the theorem. 


We are interested if we can find a relationship between lanes and p- 
traces, and find interesting properties of lanes regarding their p-trace set. 
One notable property is that the p-traces of a lane are unique to that lane. 
In other words, no two lanes exist with the same p-trace set unless they are 
equal by construction. 


Lemma 6.14. Lane processes or expressions that are p-trace equivalent are 
also syntactically equal. 


When we look at a p-trace set associated with a lane, one thing imme- 
diately stands out. Each trace has a unique action sequence. We formalise 
this. 


Lemma 6.15. Let s be a lane and let (c,/) and (0, @) be two traces of 
pTr[s]. Then (0, p) = (¢, 9). 


We are interested in the trace with the longest action sequence in a 
p-trace set associated with a lane. We can conclude from the last lemma 
that there is only one such trace. We call this the characteristic trace of a 
lane. Since by construction the p-trace set is never empty we know this trace 
must always exist. For a trace shorter than the characteristic lane, let’s say 
(0, e), we can also find a shorter lane so that this lane has a characteristic 
trace equal to (a, p). We show that we can rewrite any lane to a sum of lanes 
so that each lane in this sum corresponds to a trace in the original lane. 
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Definition 6.16. Let s € Lane be a lane and let (0, p) be a trace in pTr[s]. 
We call (o, p) the characteristic trace of s iff for all traces (¢, 0) € pTr|s] it 
holds that ¢ is a prefix of o (¢ < o). We denote this trace as C(s). 


Lemma 6.17. Let x be a lane process. There is a sum of lanes s = )Jyegt 
equivalent to x, such that Use g {C(t)} = pTr[ a]. 


Proof: We prove by induction on the structure that we can rewrite x to 
such s. 


e Suppose that « = 6. Then pTr[a] = {(¢,1)}. Hence, x intrinsically 
satisfies the condition. 


e Suppose that = a.lé. Then pTr[z] = {(¢,1),(a,1)}. We can 
rewrite x to a.16 + 6 (A4) which satisfies the condition. 


e Suppose that 7 = a. Ipy, where y € N is a lane. Then p7r[az] = 
a.p- pTrlyleU {(e,1),(a,1)}. By induction we can rewrite y to a 
sum of lanes }°,<yt for which the condition holds. Hence, we can 
rewrite x to 


a. py = apy” t induction 
teY 
= a.ip ag A4 
teY 
=) alpt+ ald + 6. PT1, PA3, A4 
vend 


Note that 


U {c(a.{pt) } U {C(a.16)} U {C(6)} 


teY 


=U {e(alot) bu (e.1).(@,0)} 


teY 


= a.p: U {C(t)}eU {(é, 1) ) (a, 1)} 


teY 
a a.p- pTrlyjeU tle, Ls (a; 1)} IH, 


which is pTr|z]. Thus, the condition is satisfied. 
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This means that we have shown the lemma holds. 


If we look at a sum of lanes we see that different lanes could have 


the same characteristic trace. For instance in the process a.1b.1 70.16 + 
a.) 50.1 5C.16 we have two lanes both with characteristic trace (abc, i): Note 
that the probabilities drop off sooner for the second lane, in comparison 
to the first one. Conversely, all traces corresponding to the first lane have 
generally larger probabilities compared to the second lane. We can aggregate 
this. We can distinguish lanes, in the context of a sum of lanes, whose 
corresponding traces have the largest probabilities, amongst a group of lanes 
with the same characteristic trace. We call such lanes principal. We will 
show that principal lanes that are part of the same sum, with the same 
characteristic trace, are syntactically equal to each other. We also show that 


we can rewrite a sum of lanes to a sum of principal lanes. 


Definition 6.18. Let s = }¢,., +t be a sum of lanes, and let 2 € S be a lane 
part of s. We call x principal iff for all traces (0, p) € (pTr|[z] \ {C(a)}) and 
all traces (0, g) € pTr|s] it holds that p > 9. We call s the context of lane x. 


Lemma 6.19. Let s = )°,cg¢ be a sum of lanes, and let x,y € S be two 
principal lanes part of s such that C(a) = C(y). Then x = y. 


Proof: First, we prove that pTr[z] = pTrly]. We just show that 
pTr|z] C pTr|y] since the proof for the converse is symmetrical. 
Let (0, p) be a trace in pTr[z]. We have two cases. 


e Suppose that (o,p) = C(x). Then we have that (o,p) € pTr[y], since 
C(y) € pTr|y] by definition and C(x) = C(y). 


e Suppose that (o, p) 4 C(x). Then there must be a trace (0, 0) € pTr|y], 
since a longer trace C(x) = C(y) exists in pTr[y]]. Because both lanes 
are principal, we have that p > @ and @ > p, and thus p = o. We 
conclude that (0, p) € pTr[y]. 


Together we have that pT7r|z] = pTrl[y], which means that « = y by 
Lemma 6.14. 


Lemma 6.20. Let s = }0,-,¢ be a sum of lanes. There is a sum of principal 
lanes equivalent to s. 


Proof: We prove this lemma by induction on the structure of s. First note 
that any lane 6, a.16 or a. 08.16, where a, 2 € A are actions and p € P is 
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a probability, is intrinsically a principal lane. For the remainder of the proof 
we can assume that we only need to prove the lemma for lanes of length 
larger than 2 (*). 

Note that we can split up S into sequences having the same two consec- 
utive actions (Al, A2). Let S° be E |t€ SA Apepucpt = a. pB.u . Since 
these sequences are disjoint we can prove the lemma for each one separately. 
If we prove for arbitrary actions a, 6 € A that we can rewrite s%? = te ges t 
to a sum of principal lanes, then by extension the same holds for s. 


By assumption of (*) we know that S®? is not empty. So, we can find a 
probability 6 € P such that for all lanes a. p68 u€ S it holds that p > p. 


Then we can rewrite s%? to 


Sot 


Ss" a. pB. Lox for some p,g € P and x € N, (*) 


teSos a. 1 pB. t ere So8 
= S> a. pB.\ou + S> a. 168.16 A4, PD2 
Q. | pb. { oxE Soe Qa. 1 pb. i ore SOR 
ap 1 PQ 
= S- a. pB.16 + S- 0.1 PB.) ee PT2 
Q. 1 pB. i ore Soe a. | pB. i or ESOP 
re Pe 
= Ss a.1pB.16 + a.ip S> Bee 
Q. 1 pB. t oxE Soe Qa. pb. ! ore Soe 
PTI (5% 4 [)) 
“ pe 
= Ss" a.1pB.16 + a.tp S- Bee 
a. | pp. i ore Soe a. 1 pp. . oa! E S108 


induction, where all elements of $’°° are principal lanes 


= S- a. | pB.16 + > «.1p8.1"2a! PTI 


\ 1 sab 1 1 , G/aB ig p 
a. | pB. | exe a. | pB. | ox’ 


Note that the left sum is intrinsically a sum of principal lanes. For the right 
sum we have that the first junction is maximal by construction, and the 
following are also (IH). Therefore, it is a sum of principal lanes. A sum of a 
sum of principal lanes is itself a sum of principal lanes. 


Rewriting to a sum of principal lanes yields the same characteristic 
traces. This immediately follows, as an extra condition, from the proof of 
Lemma 6.20. 
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6.3. Normal Form and Completeness Theorem 


To show that the set of axioms in Table 3 is complete we must show that 
any process part of a p-trace equivalence class can be rewritten to any other 
process in this class, using only the axioms from the set. This is achieved by 
picking one process from the class and showing that all other processes can 
be rewritten to it. We say that this process is in normal form. 

In CCS, a normal form can be achieved by removing the non-deterministic 
behaviour from a process. We wonder if the same holds true for probabilistic 
processes. This is not the case. We can give a simple counter-example. 


Example 6.21. Let « = a.1b.16 + a.) 50.10. We have that pTr[z] = 


{(e,1), (a, 1), (ab, 1), (ab, 5)}. We have two traces with the same action 
sequence, which by definition of p7r and operation semantics can only be 
the result of alternative composition. This means we can not rewrite x toa 
process a.u, for any process expression u € P(1). 


We come up with a more elaborated normal form. In the previous 
sections, we introduced streets and lanes and presented a few properties. 
They form the building blocks to our normal form. We show that any 
probabilistic process can be rewritten to a normal form using the axioms. 
Then we show that a normal form is unique. This is the foundation of our 
completeness proof. 


Definition 6.22. Let x € N bea probabilistic process. Then « is in normal 
form iff 


e it is a sum of lanes, where each lane’s characteristic trace corresponds 
to exactly one trace in pTr[z], 


e each trace in pTr|] corresponds to the characteristic trace of exactly 
one lane, where the lanes are all principal, and 


e the lanes occur in the same arbitrary total order. 


Theorem 6.23. Every probabilistic process can be rewritten to normal 
form, using the axioms from Table 3. 


Proof: Let x € N be a process. We can rewrite x to a sum of lanes 
8 =) est (Theorem 6.13). Note that the characteristic trace of each lane 
in this sum corresponds to exactly one trace in pTr]s] (Lemma 6.15). We 
prove that we can rewrite s to a sum of principal lanes u, so that each 
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trace in pTr|u] corresponds to a characteristic trace of exactly one lane. We 
witness two cases. 


e Suppose that there is a trace (a, 9) € pTr|s] for which there is no lane 
t; € S in the sum of s, such that (o,p) = C(t,). There must be a 
lane tg € S such that (0, p) € pTr[t2] (pigeonhole principle). We can 
rewrite tg to a sum on lanes that contains t; (Lemma 6.17). 


e Suppose that there are two lanes t,,t2 € S' in the sum of s, such that 
C(t1) = C(tz2) and we can rewrite s so that one of them is omitted (A1, 
A2, A3). 


If we expand all lanes to sums as described, we get a larger sum, namely 
a sum containing at least one lane for each trace. We can rewrite this to 
a sum of principal lanes (Lemma 6.20), which we can rewrite to a sum of 
principal lanes containing exactly one lane for each trace (by the second 
bullet above). Let this lane be u. 

The sum of lanes wu satisfies the first four rules of our normal form. We 
show that we can rewrite u to a process z that also satisfies the last. Let 
<:T x T be a particular total order. We can order the lanes in u = )0}4 Yi 
such that for 1 <i < j < n it holds that C(y;) x C(y;) using axioms Al 
and A2. Let the process that is the result of this ordering be z. Since the 
lanes themselves have not changed in z, the first four rules are still met. It 
also satisfies the last one and therefore it is in normal form. This proves we 
can rewrite any process to normal form under p-trace equivalence. 


Lemma 6.24. Let x,y € N be two processes in the normal form such that 
XL =pytr y. Then x = y. 


Proof: We know that by definition for each trace (0, p) € pTr|x] = pTr|y] 
there is exactly one corresponding lane t, in x such that C(t,) = (0, /). 
Similarly, there is one ty such that C(ty) = (o,p). Since the lanes are all 
principal this means that t; = ty (Lemma 6.19) and by extension that x 
and y contain exactly the same lanes. Also, they occur by definition in the 
same order, which proves that x« = y. 


Theorem 6.25. The axioms in Table 3 are complete. 


Proof: Let x,y € N be two arbitrary p-trace equivalent processes. We 
have that x =p7, y. We must show that we can rewrite x to y, and the 
other way around. We show the former since the proof for the converse 
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is symmetrical. We can rewrite x to normal form z (Lemma 6.23). Since 
© =ptr y we have that z is also the normal form of y (Lemma 6.24). Note 
that we can rewrite z to y (Lemma 6.23). We can rewrite x to y and vice 
versa. Therefore, the axioms are complete. 


7 Conclusion 


We have presented an axiomatisation for the probabilistic trace equivalence, 
characterised as weighted traces, for the alternating model of Hansson. 
We proved this axiomatisation is complete. We have forgone the question 
whether this equivalence is the right one. Also, the use of a deterministic, 
memoryless scheduler is debatable as it may cause the equivalence to become 
over-discriminating (Remark 4.11). Other notions, such as distributed 
schedulers [7, 6, 9], restricted schedulers [8] or coherent resolutions [3], 
address this issue. The use of less discriminating schedulers may give rise 
to a more general version of Axiom PA3. This has not been explored. The 
addition of the parallel operator and recursion has also been left unexplored. 
The latter would require a different strategy, as the employed normal form 
will no longer be adequate. Future work should explore these options, as 
well as opt for the more favourable simple Segala model. 
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